Over the last year we have migrated almost all services that used to run on our Windows server (SBS 2003 Premium) to another server running Linux. The last few services will shortly be moving to a new Windows 2003 Server running as a VM on top of the Linux box - we plan to keep this VM long term as we anticipate there will always be a need for certain software that will only run on Windows.

As all of the migrated services (email, fileserver etc) use their own authentication, I am left wondering if the benefit of keeping the Windows domain is outweighed by the cost (primarily increased complexity for disaster recovery). Should I take the opportunity to get rid of it entirely if there is no obvious need to keep it?

The company has about 20 desktops, including several that are not currently joined to the domain because they are XP Home boxes bought on the cheap.

I'm curious as to why you've moved to services with their own authentication. Don't your users find that tedious or you find you spend a lot of time recovering passwords?
– uSlackr, Jun 6 '11 at 12:40

4

@Jack - Ouch, passwords that users cannot change is baaaaaaad. I hope that you're not working with sensitive data at all, you'll fail an audit immediately with a policy like that.
– MDMarra, Jun 6 '11 at 12:54

3

@Jack - Not really, it's an instant failure in almost every type of audit, since both a member of IT and the user will know that password. It's much too long of a topic to get into beyond that.
– MDMarra, Jun 6 '11 at 13:06

8

So you're comfortable with shared passwords but not with the cloud? I'm all for being cautious about putting important data into the cloud but combining that with shared passwords is like someone who smokes 10 packs of cigarettes a day who won't drink coffee because they've heard that caffeine is bad for you.
– RobM, Jun 6 '11 at 13:25

2

If I have to access a user's emails in Exchange as an admin, then it will be logged, so that's hardly the same. Being able to impersonate users because I know their credentials is a very bad thing. I'll give you a simple example - your company needs to discipline an employee for gross misconduct using your email system. They claim you used their password to impersonate them and send the email, and sue for wrongful dismissal. Good luck proving they did it. Your password policy is from about 20 years ago. It has very little to do with who you "trust".
– RobM, Jun 6 '11 at 13:47

@syncbean - the SSO thing was a side issue after this comment: "GPO in AD allows you to centralize passwords, so users only have to remember one" - my question was not about SSO specifically. Nevertheless, thanks for the link to GoSA which is interesting.
– Jack Douglas, Jun 6 '11 at 14:30

If you plan for your company to never grow, then it sounds like you can certainly do away with it. The major benefits to AD are centralized auth, group policy, and integration into other systems. With a desktop fleet of 15-20, you can handle most of the grunt work by hand rather than GPO (though GPO would still be faster).

If you ever plan on growing, your current setup will quickly spiral out of control. Without a way to centrally manage settings and dictate policy to the Windows clients, you'll have your work cut out for you if your user base doubles. If you try to do everything on the cheap, you'll end up spending more money on man-hours trying to manage it. There is going to be a certain cost to IT operations, and trying to go as cheap as possible never works.

Also, not allowing users to change passwords is a huge security issue. You should really remedy that whether you stick with AD or not.
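The answer's point about user-changeable, expiring passwords (and the policy settings listed in the comments: complexity, minimum/maximum age, no reuse) is something you can check rather than argue about. The script below is an added example, not code from the original thread or from any of its participants. It reads an `ldifde` export of the domain's user objects (the `ldifde` invocation in the docstring and the three sample accounts are constructed for illustration; the domain `example.local` is made up) and flags accounts whose password never expires, is not required, or is older than an assumed 42-day maximum age. It runs offline, so it works from the Linux box as well as from Windows.

```python
"""Audit an Active Directory user export for password-hygiene problems.

Added example, not part of the original thread. Input is the output of an
ldifde export (ldifde ships with Windows Server 2003), for instance:

  ldifde -f users.ldf -r "(&(objectCategory=person)(objectClass=user))"
         -l sAMAccountName,userAccountControl,pwdLastSet

The LDIF in SAMPLE_LDIF is constructed sample data, not a real export.
"""
from datetime import datetime, timedelta, timezone
from typing import Dict, List

# userAccountControl bit flags (ADS_USER_FLAG_ENUM).
UF_PASSWD_NOTREQD = 0x0020
UF_DONT_EXPIRE_PASSWD = 0x10000
# Caveat: ADS_UF_PASSWD_CANT_CHANGE (0x0040) is NOT stored in the attribute.
# In AD "User cannot change password" is an ACE on the user object, so you
# must read the object's security descriptor to detect it, not this bit.

# Windows FILETIME epoch, 1601-01-01 UTC; values are 100 ns ticks.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def to_filetime(dt: datetime) -> int:
    """datetime -> FILETIME ticks (exact integer arithmetic, no float)."""
    return ((dt - FILETIME_EPOCH) // timedelta(microseconds=1)) * 10


def from_filetime(ticks: int) -> datetime:
    """FILETIME ticks -> aware UTC datetime (sub-microsecond part dropped)."""
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


# Reference time for the audit: the date of the thread.
NOW = datetime(2011, 6, 6, tzinfo=timezone.utc)

# Constructed sample export. 512 = NORMAL_ACCOUNT; 66048 = 512 | 0x10000;
# 544 = 512 | 0x20. pwdLastSet 0 means "must change password at next logon".
SAMPLE_LDIF = f"""\
dn: CN=Alice,CN=Users,DC=example,DC=local
sAMAccountName: alice
userAccountControl: 512
pwdLastSet: {to_filetime(datetime(2011, 5, 1, tzinfo=timezone.utc))}

dn: CN=Bob,CN=Users,DC=example,DC=local
sAMAccountName: bob
userAccountControl: 66048
pwdLastSet: {to_filetime(datetime(2008, 1, 1, tzinfo=timezone.utc))}

dn: CN=Carol,CN=Users,DC=example,DC=local
sAMAccountName: carol
userAccountControl: 544
pwdLastSet: 0
"""


def parse_ldif(text: str) -> List[Dict[str, str]]:
    """Minimal LDIF reader: entries separated by blank lines, single-valued
    attributes, continuation lines (leading space) folded back. This is enough
    for the attributes exported above; base64 ("::") values are not decoded."""
    unfolded: List[str] = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]
        else:
            unfolded.append(line)
    entries: List[Dict[str, str]] = []
    current: Dict[str, str] = {}
    for line in unfolded:
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        key, _, value = line.partition(":")
        current[key.strip()] = value.strip()
    if current:
        entries.append(current)
    return entries


def audit(entries: List[Dict[str, str]], now: datetime,
          max_age_days: int = 42) -> Dict[str, List[str]]:
    """Return {sAMAccountName: [findings]} for accounts that would fail a
    password-policy audit; accounts with no findings are omitted."""
    report: Dict[str, List[str]] = {}
    for e in entries:
        name = e.get("sAMAccountName", e.get("dn", "?"))
        uac = int(e.get("userAccountControl", "0"))
        pwd_last_set = int(e.get("pwdLastSet", "0"))
        issues: List[str] = []
        if uac & UF_DONT_EXPIRE_PASSWD:
            issues.append("password never expires (DONT_EXPIRE_PASSWD)")
        if uac & UF_PASSWD_NOTREQD:
            issues.append("blank password permitted (PASSWD_NOTREQD)")
        if pwd_last_set == 0:
            issues.append("password never set / must change at next logon")
        else:
            age_days = (now - from_filetime(pwd_last_set)).days
            if age_days > max_age_days:
                issues.append(f"password is {age_days} days old (max {max_age_days})")
        if issues:
            report[name] = issues
    return report


def run(ldif_text: str = SAMPLE_LDIF, now: datetime = NOW) -> Dict[str, List[str]]:
    """Parse and audit in one call; used by the demo below."""
    return audit(parse_ldif(ldif_text), now)


if __name__ == "__main__":
    for account, issues in sorted(run().items()):
        print(account)
        for issue in issues:
            print("  -", issue)
```

Against the sample data `alice` passes (her password is 36 days old), `bob` is flagged for a never-expiring password that is over three years old, and `carol` for an account that permits a blank password. Replace `SAMPLE_LDIF` with the contents of a real `ldifde` export and `max_age_days` with whatever your Default Domain Policy sets; the "user cannot change password" setting discussed in the thread still has to be checked separately, via the object ACL, as the comment in the code notes.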

@Jack - While I understand that there are social problems with passwords, almost every type of authentication database/directory allows for complexity and expiration requirements. A fence with chain-link and razor wire will keep whatever is behind it much more secure than some posts and string. Just because passwords aren't perfect doesn't mean that common best-practices regarding them should be ignored.
– MDMarra, Jun 6 '11 at 13:40

1

@Jack, GPO in AD allows you to centralize passwords, so users only have to remember one, and lets you force password complexity, password length, how often they have to change their password (both min and max time frames), and that they can't reuse passwords. MS put a lot of thought into what password security you can enforce (or throw out the window, as you have).
– Chris S ♦, Jun 6 '11 at 13:42

1

@Jack, could you point me in the direction of some scholarly articles regarding SSO being less secure? I'd be very interested in reading up on that.
– Chris S ♦, Jun 6 '11 at 13:49

1

@Jack - People certainly go back and forth about SSO (with most people taking the convenience of SSO), but the problem isn't so much with that as with the non-expiring, non-changeable passwords that are not known exclusively by the user.
– MDMarra, Jun 6 '11 at 13:57

3

So you don't let users pick their passwords. Instead, what?, you pick them for everyone. And you don't see a significant security risk in knowing everyone's password. Does your boss? And if the users don't know their passwords, what IS your security mechanism?
– uSlackr, Jun 6 '11 at 14:44